Computer Security and Penetration Testing Chapter 15 Web Application Vulnerabilities.


1 Computer Security and Penetration Testing Chapter 15 Web Application Vulnerabilities

2 Objectives
Recognize Web server vulnerabilities
Discuss ways to protect Web servers against vulnerabilities
Pinpoint Web browser vulnerabilities
Understand session ID exploits
List several protective measures for Web browsers

3 Web Application Vulnerabilities
The Internet is a collection of interconnected networks
Users can access many different kinds of servers
Most users are not aware of the sort of applications they are contacting
The only time the average user is aware of a Web server is when she sees error messages
  – See Table 15-1


5 Web Application Vulnerabilities (continued)

6 Web Application Vulnerabilities (continued)
Attacks on services include:
  – Information that has been recorded on Web sites is vulnerable to duplication
  – FTP user names and passwords can be guessed or hacked
  – Attackers can use the complexity of the site programming to their benefit
  – Sites can be hacked to insert destinations for phishing exploits
  – Intranets can be attacked to glean customer information
  – Files can be altered and removed

7 Why the Web Is Vulnerable
Internet protocols are essentially insecure
Speed and transparency are the watchwords of today’s Internet
  – At the expense of better security
Most Web users place a great deal of trust in the infrastructure of the Internet
The general public seems to believe it has nothing to steal, so it has nothing to lose either

8 Why the Web Is Vulnerable (continued)
Weak Passwords
  – Users must supply authentication to get on the Internet at all
  – Choose a set of strong passwords
Insecure Software Configuration
  – Microsoft server operating systems are shipped using an easy-to-implement, but unsecured, configuration
  – The majority of network traffic on the Web is not encrypted
  – Applications used on Web servers require very specialized knowledge to configure properly

9 Why the Web Is Vulnerable (continued)
Ease of Information Distribution
  – The Internet is primarily an avenue for distributing information
  – Novel exploits and newly discovered vulnerabilities are widely known upon disclosure
Increasingly Sophisticated Hacking Tools Available
  – Network security professionals and hackers alike develop and discover new tools
    – And innovative methods of attack that apply to new features of security systems and software

10 Why the Web Is Vulnerable (continued)
Increasingly Sophisticated Hacking Tools Available (continued)
  – Tools used to exploit Web vulnerabilities include:
    – Network scanners
    – Password-cracking tools
    – Packet sniffers
    – Trojan horse programs
    – Tools for modifying system log files
    – Tools for automatically modifying system configuration files

11 Why the Web Is Vulnerable (continued)
Access Increasing
  – An ever-increasing number of people are accessing the Internet every year
  – Fast access through cable or DSL is also increasing
  – This brings an increased number of people with access to, and interest in, the Internet for criminal endeavors

12 Web Server Vulnerabilities
Some of the most important Web server vulnerabilities:
  – Insecure network
  – Unsecured hardware
  – Threats from insiders
  – Weaknesses in site administration tools
  – Weaknesses in application or protocol design
  – Weaknesses in operating system software

13 Insecure Network
When the network of an organization is not secure
  – No data transmission over the Internet or local area network (LAN) is secure
Users who have access to the network
  – Can intercept messages over the network with the use of packet sniffers

14 Unsecured Hardware
If the Web server hardware is not securely protected from unauthorized physical access
  – No amount of software security can protect that server’s data

15 Threats from Insiders
The most effective computer crime originates within the organizations targeted
Motives include boredom, idle curiosity, the challenge, revenge, or financial reward

16 Weaknesses in Site Administration Tools
Web sites are designed to be dynamic
A server upon which Web sites are hosted is regularly monitored
If you administer your server locally, it is simple to keep your administration tools secure
The easier you make it for authorized users to access their sites
  – The easier it becomes for unauthorized users to access pieces of the Web server

17 Weaknesses in Application or Protocol Design
At the time that software is designed, security is often not of the highest priority
This strategy typically produces software that presents unexpected vulnerabilities
If a protocol has a fundamental design flaw, then it is vulnerable to various exploits, essentially forever

18 Weaknesses in System Software
All operating system software has vulnerabilities
System software is very complicated
  – And intended to supply the base for all subsequent application layer and presentation layer software
System software is the foundation upon which the other software is laid
The same issues of security as an afterthought apply to system software
  – As they do to application software


20 Weaknesses in System Software (continued)
Coding Vulnerabilities
  – API abuse
  – Access control vulnerability
  – Authentication vulnerability
  – Code permission vulnerability
  – Code quality vulnerability
  – Cryptographic vulnerability
  – Environmental vulnerability
  – Error-handling vulnerability
  – General logic error vulnerability
  – Input validation vulnerability

21 Weaknesses in System Software (continued)
Implementation Vulnerabilities
  – Improper Web server access configuration
  – Administrative privileges
  – Default user accounts
  – Misconfigured file permissions

22 Protection against Web Application Vulnerabilities
This section describes protection methods for:
  – The physical server
  – The network architecture
  – The operating system on that server
  – The Web server application

23 Securing the Operating System and the Web Server
Place your Web server in a demilitarized zone
Demilitarized zone (DMZ)
  – A neutral zone between an organization’s private LAN and the public network
  – Designed to prevent external users from gaining direct access to any internal servers
  – Protects the LAN from the possibility that your Web server will be hacked by some insider or some outsider

24 Securing the Operating System and the Web Server (continued)
Security measures:
  – Check for all default configurations in the operating system and in the Web server
  – Dump any default user profiles
  – Shut down or even uninstall any services that the server does not need to be running
  – Modify user groups to guarantee that authorized users have only as much access as they require
  – Shut down Telnet and anonymous FTP

25 Securing the Operating System and the Web Server (continued)
Security measures (continued):
  – Use encrypted services like secure shell (SSH) and authenticated FTP
  – Set your network firewall to ignore connections to all ports except the HTTP and HTTPS ports
  – Automate OS patch updates so that patches are installed as soon as they are available

26 Monitoring the Server for Suspicious Activity
Measures:
  – Learn what suspicious traffic looks like and monitor system logs for it
  – Install Snort on your server to search for signature attacks
  – Install some scripts to watch for attacks on the server
  – Use tools such as Tripwire that can run unattended
    – Maintain the integrity of password files and registry entries
  – Set tools to send an e-mail to the server administrator or a page to her cell phone
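The Tripwire idea on the slide above, as an added example that is not from the chapter or the Tripwire project: a small Python integrity checker that baselines SHA-256 digests of every file under a directory and later reports what was modified, added or removed. The sample tree, its file names and the rogue account line are constructed for the demo.

```python
# Added example (not from the chapter): a minimal Tripwire-style integrity
# check. It records a baseline of SHA-256 digests for every file under a
# directory and later reports files that were modified, added or removed.
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each file (path relative to root, POSIX form) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def check_integrity(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the tree as it is now against a stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed sample: baseline a small tree, tamper with it, re-check.
    In real use the baseline file lives on read-only or offline storage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "httpd").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "httpd" / "httpd.conf").write_text("Listen 80\n")
        store = Path(tmp) / "baseline.json"
        store.write_text(json.dumps(build_baseline(root)))
        # Simulate tampering: an extra uid-0 account, a removed config, a new script.
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\nguest:x:0:0::/:/bin/sh\n")
        (root / "httpd" / "httpd.conf").unlink()
        (root / "httpd" / "unexpected.cgi").write_text("#!/bin/sh\n")
        return check_integrity(root, json.loads(store.read_text()))
```

Run unattended from a scheduler and mail the report when any list is non-empty, as the slide suggests.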

27 Controlling Access to Confidential Documents
Measures:
  – Limit the number of users having administrative or root-level access
  – Allow only secure shell encrypted remote administration
    – Or authenticated user access through the GUI control panels
  – Always maintain Web pages on a server on the intranet
    – And make all changes to your Web pages from there

28 Controlling Access to Confidential Documents (continued)
Setting Up Remote Authoring and Administration Facilities
  – Allows you to monitor all user activity on your private development machine
  – And keep a record of Web server logs on a protected machine
Frequently remove unnecessary files from the scripts directory
  – And remove default documents

29 Protecting the Web Server on a LAN
Prior to connecting the Web server to the Internet
  – Make certain it has been hardened
  – And cannot be used as a staging area to attack other computers on the network
If the organization has several Web servers and they are maintained by different departments
  – Remove trust relationships that might exist between them

30 Checking for Security Issues
Periodically scan the Web server with tools such as Nmap or Nessus
  – To check for possible new vulnerabilities
Add a software firewall such as Zone Alarm Pro to your Windows machine
  – To monitor unexpected activities

31 Web Browser Vulnerabilities
Client-side issues are similar to those on the server side
Physical tampering and operating system vulnerabilities do exist
  – For most users, the main focus is the Web browser
The most common source of Web-browser exploits is physical tampering

32 Cache File
When a Web site is accessed
  – The browser receives files from the Web server that the browser interprets
    – And presents the data to the best of its ability
Everything accessed on the Internet is copied to a cache file
If the file is available in the cache
  – The browser displays it in preference to displaying the file available on the server

33 Cache File (continued)
The information saved in the cache files, history file, or bookmarks on a browser
  – Might pose a threat if accessed by someone intending to gather information about the user
If your browser supports HTML 3.0 extensions and Java, and it is not properly configured
  – Your history file, cache, and other files can be copied from your hard drive
    – And directly uploaded to an attacker’s server by using Java, JavaScript, or ActiveX

34 History File
Allows you to view the pages you have visited in the last user-defined number of days
Information regarding the forms you submit on a Web page is also included in the history file
The history file may include credit card details, user name, or password


36 Bookmarks
Store information about Web pages you have visited
  – Bookmarks do not expire like history files
If you bookmark a Web site that requires entering a password
  – You can save the username and password
An attacker who can access your machine may be able to access your controlled-access sites

37 Cookies
Cookie
  – Small text file stored on a computer by Web servers
  – Contains information about the last session when you visited the site
Cookies store followed-link information and may store username and password information
Cookies are stored in well-known directories

38 Cookies (continued)
Two flavors of cookies
  – Session cookies
    – Temporary cookies that are erased when you close your browser at the end of your session
  – Persistent cookies
    – Remain on the hard drive until erased or expired


40 Location of Web Files Cache
Cache information is located in various directories
  – Depending on the operating system, the browser, and the version of the browser
Cache information is typically stored in a subdirectory of the Web browser’s working directory
You can change how often the browser updates the cache

41 Browser Information
Whenever you log onto a Web site
  – The browser automatically sends information
Logon credentials that are sent to a Web server may compromise the privacy of a computer
One of the sites that can be used to acquire information from the Web browser is BrowserSpy

42 Browser Information (continued)
Every time a Web site is visited, the browser automatically sends the following data:
  – Host address
  – Web browser’s version
  – Web browser’s language
  – Files the Web browser accepts
  – Characters your Web browser accepts
  – Browser encoding
  – Username
  – HTTP port of the computer

43 Browser Information (continued)
The following information about a computer’s settings may be acquired if JavaScript is enabled:
  – JVM or Java plug-ins
  – FTP password
  – Current resolution
  – Maximum resolution
  – Version
  – Color depth
  – Platform
  – Anti-aliasing fonts

44 Session ID Exploits
Once a connection with a server is established
  – A user provides authentication information
A session ID is generated and then sent to the client
  – Shows that the user can communicate with the server until that session expires
Based on the session ID, the client computer is given access to a variety of services on that server

45 Session ID Exploits (continued)
Sometimes, when sessions expire
  – Servers permit the same session ID to be used for the next session
An attacker can use this server behavior to access account details
  – By borrowing the session key and connecting to the server
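The reuse flaw on the two slides above, countered in added example code that is not from the chapter: a small Python session store in which IDs are random, expire on a timeout, and are discarded once expired, so the same ID is never honoured for a later session and a borrowed key stops working when the session ends. The user name and the fake clock are constructed for the walk-through.

```python
# Added example (not from the chapter): a session store that closes the
# reuse hole described above. IDs are unguessable, expire after a fixed
# timeout and are dropped once expired, so a borrowed key stops working.
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class SessionStore:
    def __init__(self, timeout: float = 900.0,
                 clock: Callable[[], float] = time.time):
        self.timeout = timeout
        self.clock = clock                      # injectable for the demo
        self._live: Dict[str, Tuple[str, float]] = {}   # sid -> (user, expiry)

    def create(self, user: str) -> str:
        """Issue a fresh 256-bit random ID once the user has authenticated."""
        sid = secrets.token_urlsafe(32)
        self._live[sid] = (user, self.clock() + self.timeout)
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the user for a valid ID, else None. Expired IDs are ended
        here, so the same value is never honoured for a later session."""
        entry = self._live.get(sid)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            self.end(sid)
            return None
        return user

    def end(self, sid: str) -> None:
        """Logout or expiry: forget the ID; create() never re-issues it."""
        self._live.pop(sid, None)


def demo() -> Dict[str, bool]:
    """Constructed walk-through with a fake clock: valid, expired, re-login."""
    now = [1000.0]
    store = SessionStore(timeout=60, clock=lambda: now[0])
    sid = store.create("alice")
    valid = store.lookup(sid) == "alice"
    now[0] += 61                                # the session times out
    expired = store.lookup(sid) is None
    new_sid = store.create("alice")             # the user logs in again
    return {"valid": valid, "expired": expired,
            "old_rejected": store.lookup(sid) is None, "new_differs": new_sid != sid}
```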

46 Web Browser Protection
Precautions include:
  – Disable the cache, or set its size to zero
  – Set the browser to clear the cache every time you close the browser
    – Look into the file system to see if it is actually doing that
  – Set the History preference to save for 0 days or, even better, delete the file at the end of the session
  – Do not set vulnerable pages in your bookmarks
  – Do not save passwords or set the master password

47 Web Browser Protection (continued)
Precautions include (continued):
  – Clear the cookies file to remove cookies, and make the cookie.txt file read-only
  – Disable JavaScript support and cookies in your browser
  – Use the Firefox browser
  – Set the browser to accept cookies only from trusted sites and the originating Web site
  – Set Internet security to High, requiring all scripts to ask for permission to run

48 Summary
The protocols upon which the Internet rests are insecure
The absence of a fundamentally secure infrastructure, coupled with constantly evolving user expectations, results in quick, easy, and inexpensive Web attacks
Factors that lead to the vulnerability of data and applications on the Web include weak passwords and insecure software configuration
Hundreds or thousands of Web server programs

49 Summary (continued)
Web server vulnerabilities include an insecure network, insecure hardware, threats from insiders, and weaknesses in site administration tools
System software vulnerabilities can be divided into two categories: coding and implementation
Several layers require protection in relation to Web services
Actions to take for protecting Web servers include securing the operating system and Web server and monitoring the server for suspicious activity

50 Summary (continued)
Primary Web browser vulnerabilities include physical tampering, operating system vulnerabilities, and vulnerabilities inherent in the browser itself
Hackers can learn a lot about individuals and organizations due to browser vulnerabilities
A session ID serves as a key between a client computer and a server
Actions to protect against various browser vulnerabilities include password-protecting your screensaver, locking the screen when you are away from your computer, and disabling the cache

